Mobile Security Standard

Size: px
Start display at page:

Download "Mobile Security Standard"

Transcription

1 Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact:

2 Mobile Security Standard Contents 1 Introduction Background Purpose Scope and Applicability Compliance 4 2 Responsibilities Controls Information Handling Approved Operating System Lists Authorisation, Granting Access Security of Mobile Devices Passwords Tampering with, modifying or adapting applications and security on mobile devices Change or Termination of Access Rights 6 Glossary... 7 References... 7 Document Control Version Date Author Description /05/13 Code of practice developed for the Mobile Security project /05/13 Reformatted to standard document template and updated with minor changes decided by UEB /07/13 Updated with minor comments from ISSG members and published. Page 2 of 7

3 1 Introduction 1.1 Background The University operates in a highly competitive global market for students, staff and research funding in which information is a valuable asset, a significant amount of which is commercially sensitive. At the same time the University must comply with the law and protect its interests avoiding or mitigating the risk of damage or prejudice resulting from unauthorised or accidental disclosure, modification or destruction of information. Information security, or information assurance, is concerned with maximising the business benefit conferred by information while ensuring that the University also fulfils its legal and contractual obligations through achieving a balance between: 1.2 Purpose Confidentiality preserving authorised restrictions on information access and disclosure, including means of preserving personal privacy and proprietary information. A loss of confidentiality is the unauthorised disclosure of information. Integrity guarding against improper information falsification, modification or destruction, and includes ensuring information non-repudiation and authenticity. A loss of integrity is the falsification, unauthorised modification or destruction of information. Availability ensuring that information is made available as and when required for the University to conduct its business efficiently and without delay. Information that is not available may be secure but delivers no business benefit. The widespread use of mobile devices such as smartphones and tablet computers creates new security vulnerabilities when used by University members to access and store confidential information in the form of messages and files. This Standard defines controls that protect information assets under the ownership or custodianship of the University, based upon the potential impact of unauthorised access, disclosure, modification or destruction of the asset as defined in the Information Classification Standard [2]. This Standard supplements and expands Section 6 the University s Information Security Policy [4]. The main purpose of this document is to state unequivocally the rules that apply when using mobile devices to access University held data. 1.3 Scope and Applicability This Standard applies to mobile devices only smartphones and tablet computers. Laptop computers, USB storage devices and other portable media are excluded from scope. It is part of the University s Information Security Management System (ISMS) and is subservient to the Information Security Policy (ISP) [4] and the General Conditions of Use [1]. This Standard applies to all Members of the University and, as determined by Legal Services and/or IT Services, to partners, third parties, external contractors, contingent workers, and other contributors, having access to the University s information resources. Control requirements in this Standard are defined to avoid breaches of any law, statutory, regulatory or contractual obligations. Where local laws and regulations require controls that are more restrictive than those identified in this Standard, those control requirements must be applied. The terminology used in this document conforms to the Information Security Glossary [3]. The requirements are stated using the MoSCoW prioritisation scheme. Page 3 of 7

4 1.4 Compliance Accountability for ensuring compliance lies with the appropriate Head of School or Director under advice from IT Services. In practice, this means ensuring that all staff that need access to from mobile devices are allocated a licence to the appropriate product and that all exceptions are formally approved by the Head of College or Registrar. 2 Responsibilities Objective: Ensure that ownership, custodianship, responsibility and accountability for information assets are clearly defined. All Staff and others as appropriate 1. Abide by the terms of the Information Security Policy [4] and General Conditions of Use of Computing and Network Facilities [1]. 2. Individuals have specific responsibilities for information and data security. They are responsible for taking reasonable precautions against breaches of confidentiality or integrity of the information they have access to. 3. Ensure that mobile devices used to access University held data are on the approved mobile device operating systems list, which can be found in the IT Services Knowledge Base article KB12006 on the IT Service Desk web site [5]. 4. Not to store University held data on unmanaged or unencrypted mobile devices. 5. To protect any University data held on mobile devices with a strong password as described in the Access Management Standard [6] section 4 and Appendix A. 6. Not to share usernames and passwords. 7. To keep passwords secure. 8. To notify the IT Service Desk within 1 working day of the loss or theft of any mobile device holding University data or applications (www.itservicedesk.bham.ac.uk or +44 (121) To notify the IT Service Desk within 1 working day in the event of any suspected instances of virus or malware infection on any mobile device holding University data or applications (www.itservicedesk.bham.ac.uk or +44 (121) ). IT Services Staff: 10. Provide and configure technical facilities to authorised staff. 11. Ensure that only mobile devices that are on the approved operating system product list are permitted to connect to University held data. 12. Maintain, update and publicise the approved mobile device operating systems lists. Heads of School and College Directors of Operations 13. Authorise budget centre staff remote access using approved mobile devices. 14. Identify and propose exceptions for individual staff members to be allowed to freely download messages from their University accounts without using approved mobile device management (MDM) or mobile application management (MAM) software. Heads of School are responsible for proposing exceptions for academic staff and College Directors of Operations for administrative staff. The exceptions will be approved by the Head of College. Directors of Professional Services 15. Authorise budget centre staff remote access using approved mobile devices. 16. Identify and propose exceptions for individual staff members to be allowed to freely download messages from their University accounts without using approved Page 4 of 7

5 3 Controls mobile device management (MDM) or mobile application management (MAM) software. The exceptions will be approved by the Registrar. Heads of College and Registrar 17. Approve exceptions from the requirement to access University using approved mobile device management (MDM) or mobile application management (MAM). The exceptions are proposed by the Heads of School for approval by their Heads of College and by corporate services directors to the Registrar. 3.1 Information Handling Objective: Ensure that information assets are handled according to their classification. 1. and data must not be stored on mobile devices unless appropriate measures as defined by IT Services have been taken to ensure the security of the information. 2. Confidential data may only be transferred across networks, or copied to other media, when the confidentiality and integrity of the data can be assured. 3. Confidential data must only be accessed in a secure manner from devices using an approved operating system, using supported delivery methods. 4. Where applicable, IT Services will provide guidance on alternative methods of using mobile devices to securely access data which do not involve storing any such data on the device. All users may access their university accounts via a web browser using Outlook Web Access (OWA) because it does not store messages or attachments locally. 3.2 Approved Operating System Lists 1. A list of approved mobile device operating systems will be published by IT Services and updated as required. 2. Mobile device operating systems not on the approved list will not be supported or permitted to connect to access controlled data held by the University. 3. Operating systems on the approved list which IT Services will supply on behalf of the University will be clearly indicated as such. 3.3 Authorisation, Granting Access Objective: Prevent unauthorised access to information resources by implementing controls that ensure the timely and controlled action relating to requesting, establishing, issuing, suspending and closing User IDs 1. Staff requiring access to University data on mobile devices must have the approval of a senior manager in their budget centre to do so. 2. Senior managers within their budget centre must give due consideration to the risks involved. Factors which will need to be taken into account include protection of confidential information and any legal issues. 3. Approved requests for the use of mobile devices must be submitted from the senior manager within the budget centre to IT Services. 4. Personally owned mobile devices may be used to access University held data, subject to the following conditions: a. The device meets the requirements of the approved devices and operating systems product list. b. Approval from a senior manager within the budget centre has been obtained. Page 5 of 7

6 3.4 Security of Mobile Devices c. Any required licences are purchased. d. The University will not reimburse data or other charges incurred through the use of personally owned mobile devices, which for the avoidance of doubt shall include roaming charges for data use incurred when using a mobile device overseas. Objective: Prevent unauthorised access by implementing controls that ensure the effectiveness of authentication and access mechanisms, and to prevent the fraudulent use of authentication credentials Passwords Passwords are subject to the general controls on authentication credentials defined in the Access Management Standard [6] section Security of Passwords the provisions concerning passwords and management of passwords outlined in section 2. Responsibilities must be observed. 2. Strong Passwords must be used, with at least 8 characters and contain letters and numbers, unless the device is configured to lock itself after no more than five consecutive unsuccessful sign-on attempts in succession and can only be unlocked by a University administrator. 3. Password Lifecycle passwords used to protect University data on mobile devices must be managed as defined in the Access Management Standard [6]. 4. Password Uniqueness passwords used for mobile device security should be different from the user s passwords used to gain access to other University systems and information resources Tampering with, modifying or adapting applications and security on mobile devices 1. Jailbreaking or rooting of any mobile device that holds or connects to University data is forbidden. 2. Tampering with, modifying or adapting any University provided software application installed on any mobile device is forbidden. 3.5 Change or Termination of Access Rights 1. The University reserves the right to withdraw access to and/or wipe remotely any University data whether stored within University owned applications or not which is held on mobile devices whether personally owned or University owned, in particular in the event of: a. Loss or theft of mobile devices. b. Jailbreaking or rooting of mobile devices. c. Tampering with, modifying or adapting any University provided software application installed on any mobile device d. Suspected virus or malware infections on mobile devices. 2. A member of staff s access to University owned data on mobile devices, whether personally owned or University owned, will be terminated immediately upon termination of employment with or engagement by the University and the University will forthwith remotely wipe any University data from such devices. Page 6 of 7

7 Glossary Control Information Asset ISMS Jailbreaking MAM MDM Member Mobile Device Mobile Operating System MoSCoW OWA Rooting Security Mechanism Smartphone Tablet University Held Data An administrative, procedural, technical, physical or legal means of preventing or managing the impact upon an asset of an information security incident. Controls may be: Preventative prevents impact upon an asset. Detective detects impact upon an asset. Reactive reacts to impact on an asset, includes: o Corrective actively reduces impact. o Recovery restores an asset after impact. A physical or virtual artefact containing data that realises information. This includes documents, s, databases etc. Information Security Management System the collection of information security documents and resources. A process of removing limitations imposed by mobile device manufacturers, through the use of hardware/software exploits, to gain privileged access. Also called Rooting. Mobile Application Management software that monitors and controls mobile apps. Mobile Device Management software that secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises Member of the University as defined in the University Regulations. Smartphone or tablet computer. An operating system (such as Apple ios, Blackberry OS, Windows Phone or Google Android) designed specifically for use on mobile devices. Requirements prioritisation scheme: M must be met. S should be met if possible (high priority). C could be met in future if time and resources permit. W won t be met now, but may be considered in the future. Outlook Web Access a Microsoft web application used to access Exchange hosted accounts. See Jailbreaking. The realisation or implementation of a Control. A high specification mobile phone (such as Apple iphone, Blackberry and HTC phones) that offers advanced computing and internet connectivity features. A tablet sized computer (such as Apple ipad, Samsung Galaxy and Asus Transformer) that has many features of a full sized computer. Data normally held on University systems. This includes , calendar and contacts information. References [1]. General Conditions of Use of Computing and Network Facilities [2]. Information Classification Standard [3]. Information Security Glossary [4]. Information Security Policy [5]. Service Desk Knowledge Base article KB12006 [6]. Access Management Standard Page 7 of 7

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

Washwood Heath Academy Use by staff of private communication devices policy

Washwood Heath Academy Use by staff of private communication devices policy As a learning community, Washwood Heath Academy wants all staff and students to be able to be safe users of ICT and all data storage. The development of responsible, independent users is a prime aim of

More information

BYOD Policy for [AGENCY]

BYOD Policy for [AGENCY] BYOD Policy for [AGENCY] This document provides policies, standards, and rules of behavior for the use of smartphones, tablets and/or other devices ( Device ) owned by [AGENCY] employees personally (herein

More information

EXECUTIVE DECISION NOTICE. ICT, Communications and Media. Councillor John Taylor. Deputy Executive Leader

EXECUTIVE DECISION NOTICE. ICT, Communications and Media. Councillor John Taylor. Deputy Executive Leader EXECUTIVE DECISION NOTICE SERVICE AREA: SUBJECT MATTER: DECISION: DECISION TAKER(S): DESIGNATION OF DECISION TAKER(S): GOVERNANCE ICT, Communications and Media PERSONAL DEVICE POLICY That the Personal

More information

[BRING YOUR OWN DEVICE POLICY]

[BRING YOUR OWN DEVICE POLICY] 2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2

More information

Mobile Devices Policy

Mobile Devices Policy Mobile Devices Policy Item Policy description Division Director Contact Description Guidelines to ensure that mobile devices are deployed and used in a secure and appropriate manner. IT Services and Records

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

COMMERCIALISM INTEGRITY STEWARDSHIP. Remote Access and Mobile Working Policy & Guidance

COMMERCIALISM INTEGRITY STEWARDSHIP. Remote Access and Mobile Working Policy & Guidance Remote Access and Mobile Working Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Remote Access and

More information

Network Password Management Policy & Procedures

Network Password Management Policy & Procedures Network Password Management Policy & Procedures Document Ref ISO 27001 Section 11 Issue No Version 1.3 Document Control Information Issue Date April 2009, June 2010, September 2011 Status Approved By FINAL

More information

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Mobile Tablet Devices

Mobile Tablet Devices Document Owner: Page 1 of 5 Mobile Tablet Devices Purpose The purpose of this document is to provide guidance for the appropriate purchase and usage of Mobile Tablet Devices (devices running ios and Android

More information

AirWatch for Android Devices

AirWatch for Android Devices Overview What is AirWatch AirWatch is the mobile device management (MDM) system provided by UMHS to ensure security for smart phones and tablets that connect to the UMHS environment. AirWatch provides

More information

Exploiting the business potential of BYOD (bring your own device)

Exploiting the business potential of BYOD (bring your own device) WHITE PAPER: EXPLOITING THE BUSINESS POTENTIAL OF BYOD........................................ Exploiting the business potential of BYOD (bring your own device) Who should read this paper This paper addresses

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Bring Your Own Device. Individual Liable User Policy Considerations

Bring Your Own Device. Individual Liable User Policy Considerations Bring Your Own Device Individual Liable User Contents Introduction 3 Policy Document Objectives & Legal Disclaimer 3 Eligibility Considerations 4 Reimbursement Considerations 4 Security Considerations

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Consumer Device Policy (Smartphones / Tablets) BYOD (Bring Your Own Device)

Consumer Device Policy (Smartphones / Tablets) BYOD (Bring Your Own Device) Consumer Device Policy (Smartphones / Tablets) BYOD (Bring Your Own Device) Policy Number: 422 Supersedes: - Standards For Healthcare Services No/s 1, 5, 19 New Version Date Of Reviewer Completed Date

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

BEConnected User Agreement

BEConnected User Agreement BEConnected User Agreement Page 1 of 5 INTRODUCTION This is a legal document between you and the owner ( Belmont College ) of the Apple ipad tablet ( ipad ) in connection with the delivery of an ipad to

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

INFORMATION SECURITY PROCEDURES

INFORMATION SECURITY PROCEDURES INFORMATION AN INFORMATION SECURITY PROCEURES Parent Policy Title Information Security Policy Associated ocuments Use of Computer Facilities Statute 2009 Risk Management Policy Risk Management Procedures

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third

More information

Harper Adams University College. Information Security Policy

Harper Adams University College. Information Security Policy Harper Adams University College Information Security Policy Introduction The University College recognises that information and information systems are valuable assets which play a major role in supporting

More information

IT ACCESS CONTROL POLICY

IT ACCESS CONTROL POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical

More information

Guidelines. I. Purpose. A. Ownership and Responsibilities

Guidelines. I. Purpose. A. Ownership and Responsibilities MDM Guidelines I. Purpose The purpose of these guidelines is to establish mobile device management standards for securing college owned mobile devices. College owned devices are defined as any smart device

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

Appendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management

Appendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management Appendix 1b DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA Review of Mobile Portable Devices Management DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance

More information

Guidelines. London School of Economics & Political Science. Remote Access and Mobile Working Guidelines. Information Management and Technology

Guidelines. London School of Economics & Political Science. Remote Access and Mobile Working Guidelines. Information Management and Technology London School of Economics & Political Science Information Management and Technology Guidelines Remote Access and Mobile Working Guidelines Jethro Perkins Information Security Manager Summary This document

More information

Mobile Device Security Is there an app for that?

Mobile Device Security Is there an app for that? Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach

More information

Policy Checklist. Directorate of Performance and Reform. Stephen Hylands, Head of Information Technology

Policy Checklist. Directorate of Performance and Reform. Stephen Hylands, Head of Information Technology Policy Checklist Name of Policy: Purpose of Policy: Directorate responsible for Policy Name & Title of Author: Does this meet criteria of a Policy? Trade Union consultation? Equality Screened by: Date

More information

Enterprise Mobility as a Service

Enterprise Mobility as a Service Service Description: Insert Title Enterprise Mobility as a Service Multi-Service User Management for Mobility 1. Executive Summary... 2 2. Enterprise Mobility as a Service Overview... 3 3. Pricing Structure...

More information

Bring Your Own Device (BYOD) Policy

Bring Your Own Device (BYOD) Policy Bring Your Own Device (BYOD) Policy Document History Document Reference: Document Purpose: Date Approved: Approving Committee: To set out the technical capabilities of the chosen security solution Airwatch

More information

BYOD in the Enterprise

BYOD in the Enterprise BYOD in the Enterprise MDM. The solution to BYOD? Context Information Security whitepapers@contextis.co.uk October 2013 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) 207 537 7515

More information

IT TECHNOLOGY ACCESS POLICY

IT TECHNOLOGY ACCESS POLICY IT TECHNOLOGY ACCESS POLICY Effective Date May 19, 2016 Cross- Reference 1. IT Access Control and User Access Management Policy Responsibility Director, Information 2. IT Acceptable Use Policy Technology

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. Copyright 2016 Table of Contents INSTRUCTIONS TO VENDORS 3 VENDOR COMPLIANCE PROGRAM OVERVIEW 4 VENDOR COMPLIANCE

More information

Adams County, Colorado

Adams County, Colorado Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents

More information

McAfee Multi Access from ø. Step-by-step guide to protecting your devices. Always.

McAfee Multi Access from ø. Step-by-step guide to protecting your devices. Always. McAfee Multi Access from ø Step-by-step guide to protecting your devices. Always. Contents 3 Welcome to McAfee Multi Access 5 Setting up your Windows PC Setting up McAfee Multi Access on your Windows PC

More information

Information Governance Officer 01427 676652 Steve.anderson@west-lindsey.gov.uk

Information Governance Officer 01427 676652 Steve.anderson@west-lindsey.gov.uk B CPR.32 15/16 Corporate Policy and Resources Committee Date: 10 November 2015 Subject: Bring Your Own Device Policy Report by: Director of Resources Contact Officer: Purpose / Summary: Steve Anderson

More information

Bring Your Own Device (BYOD) Policy

Bring Your Own Device (BYOD) Policy Bring Your Own Device (BYOD) Policy Version: 1.0 Last Amendment: N/A Approved by: Executive Committee Policy owner/sponsor: Director, Digital Library Services and CIO Policy Contact Officer: Manager, ICT

More information

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...

More information

University for the Creative Arts. Mobile Working and Remote Access Policy

University for the Creative Arts. Mobile Working and Remote Access Policy Mobile Working and Remote Access Policy Version 1.0 Date: 20 July 2009 Document History Version History 1.0 20 July 2009 Approved for publication by the IS Board after E&FC approval in June 2009 Title:

More information

Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014

Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Auditing the Security and Management of Smart Devices ISACA Dallas Meeting

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY ICT OPERATING SYSTEM SECURITY CONTROLS POLICY TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIM OF THE POLICY... 4 5. SCOPE... 4 6. BREACH OF POLICY...

More information

University of Cincinnati HIPAA Administrative, Physical and Technical Safeguards

University of Cincinnati HIPAA Administrative, Physical and Technical Safeguards HIPAA Administrative, Physical and Technical Safeguards Your information security role in protecting HIPAA information Effective Date: 7/1/2014 Prior Effective Date: 10/1/2013 HIPAA Administrative, Physical

More information

Back to the Future: Securing your Unwired Enterprise

Back to the Future: Securing your Unwired Enterprise Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has

More information

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo. Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility

More information

Two-Factor Authentication (2FA) Registration Instructions Symantec VIP Access

Two-Factor Authentication (2FA) Registration Instructions Symantec VIP Access Two-Factor Authentication (2FA) Registration Instructions Symantec VIP Access To strengthen KBR information security and safeguard company data, Information Technology will implement two-factor authentication

More information

AirWatch for ios Devices

AirWatch for ios Devices Overview What is AirWatch AirWatch is the mobile device management (MDM) system provided by UMHS to ensure security for smart phones and tablets that connect to the UMHS environment. AirWatch provides

More information

Lowanna College 2015 BYOD PROGRAM AGREEMENT. BYOD Program 2015. BYOD Student Agreement/Acceptable Use Policy/Online Services Policy

Lowanna College 2015 BYOD PROGRAM AGREEMENT. BYOD Program 2015. BYOD Student Agreement/Acceptable Use Policy/Online Services Policy BYOD Program 2015 BYOD Student Agreement/Acceptable Use Policy/Online Services Policy The student and parent/guardian must carefully read the above contract before signing it. Any questions should be addressed

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

Information Security Manager Training

Information Security Manager Training Information Security Manager Training Kent Swagler CCEP Director, Corporate Compliance Direct line (314) 923-3097 Cell (314) 575-8334 kswagler@metrostlouis.org Information Security Manager Training Overview

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable

More information

TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING

TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING In this document, the following words and phrases shall have the meanings set out below unless indicated otherwise. You should read every

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Information Security Program

Information Security Program Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012 BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies

More information

Mobile Device Management for CFAES

Mobile Device Management for CFAES Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

BYOD Policy Implementation Guide. BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment

BYOD Policy Implementation Guide. BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment BYOD Policy Implementation Guide BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment We won t bore you with the typical overview that speaks to the

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

Symantec Mobile Management 7.1

Symantec Mobile Management 7.1 Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

Acceptable Use Guidelines

Acceptable Use Guidelines Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines

More information

Symantec Mobile Management 7.2

Symantec Mobile Management 7.2 Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology

More information

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD STRATEGY ANALYTICS INSIGHT October 2012 Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD By Mark Levitt, Analyst/Director at Strategy Analytics BYOD

More information

Global Mobile Technologies Guide for Zenprise Enrollment for IOS devices (ipad, iphones)

Global Mobile Technologies Guide for Zenprise Enrollment for IOS devices (ipad, iphones) Global Mobile Technologies Guide for Zenprise Enrollment for IOS devices (ipad, iphones) As part of Sony Pictures commitment to enabling our workforce with the best technology and related tools available,

More information

How to configure your mobile devices post migrating to Microsoft Office 365

How to configure your mobile devices post migrating to Microsoft Office 365 How to configure your mobile devices post migrating to Microsoft Office 365 1 Contents Purpose... 3 Document support boundaries... 3 Examples used in this document... 3 ipad and iphone (ios 4.x and 5.x)...

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

BYOD: End-to-End Security

BYOD: End-to-End Security BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com

More information

Mobile Device Management Buyers Guide

Mobile Device Management Buyers Guide Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But

More information

BankSA Internet and Phone Banking. Terms and Conditions and Important Information

BankSA Internet and Phone Banking. Terms and Conditions and Important Information BankSA Internet and Phone Banking Terms and Conditions and Important Information Effective 5 June 2016 This document sets out terms and conditions for BankSA Internet, Mobile and Phone Banking along with

More information

SECURING TODAY S MOBILE WORKFORCE

SECURING TODAY S MOBILE WORKFORCE WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Addendum Windows Azure Data Processing Agreement Amendment ID M129

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129 Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the

More information

esnc ACCESS AGREEMENT

esnc ACCESS AGREEMENT FEDERAL RESERVE BOARD Shared National Credit Function esnc ACCESS AGREEMENT A. Introduction This agreement (Agreement) sets forth the terms for your Institution s use of our Electronic Shared National

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Portable Devices and Removable Media Acceptable Use Policy v1.0

Portable Devices and Removable Media Acceptable Use Policy v1.0 Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working

More information

Bring Your Own Device Policy

Bring Your Own Device Policy Bring Your Own Device Policy Purpose of this Document This document describes acceptable use pertaining to using your own device whilst accessing University systems and services. This document will be

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

INFORMATION SECURITY MANAGEMENT POLICY

INFORMATION SECURITY MANAGEMENT POLICY INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10 Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between

More information

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid. Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment

More information

Exchange ActiveSync (EAS)

Exchange ActiveSync (EAS) Exchange ActiveSync (EAS) EAS allows for the synchronization of email, contacts, calendar, tasks and notes from an Exchange email server to a mobile device. Configuring and Connecting ios devices (iphone,

More information

Third Party Security Requirements Policy

Third Party Security Requirements Policy Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,

More information

White Paper. Data Security. The Top Threat Facing Enterprises Today

White Paper. Data Security. The Top Threat Facing Enterprises Today White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is

More information